Reminder to physicians and employees: Portable media devices must be encrypted

Wednesday, August 30, 2017

WVU Medicine Information Technology (IT) reminds all physicians, clinicians, and employees: Do not use portable media unless absolutely necessary. If you must use portable media, such as jump/thumb drives, USB drives, and external back-up drives, you must ensure that the devices are encrypted, as per organizational policy.

Why is it crucial that you know and comply with this policy? If PHI is stored on a jump/thumb drive or external back-up drive and the drive is misplaced, our patients’ information is at risk for identity theft and medical fraud. In addition, the organization may be required to formally report the issue to the Office of Civil Rights (OCR) and face legal ramifications.

Even if portable media is used in a physically secure environment, the media must be encrypted as per policy.

For assistance in ensuring that your portable media device is encrypted, contact the WVU Medicine IT Help Desk. Keep in mind that it is your responsibility to know and comply with our internal policies regarding privacy and security. Failure to do so could result in disciplinary action, up to and including possible termination.